From 49de918c2537ff35c5c88587eb2ee15861630165 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Thu, 1 Sep 2022 02:38:42 +0900 Subject: [PATCH] privsep: Add support for the remaining parameters This change adds support for the following two parameters of the oslo.privsep library, so that all options can be configured by the oslo::privsep defined resource type. - thread_pool_size - logger_name Change-Id: I88eb0a5a1d3fd795a2c29b7be4d6e5722a330c45 --- manifests/privsep.pp | 48 ++++++++++++------- .../notes/privsep-opts-d3d12d20281a0ee5.yaml | 5 ++ spec/defines/oslo_privsep_spec.rb | 14 ++++-- 3 files changed, 47 insertions(+), 20 deletions(-) create mode 100644 releasenotes/notes/privsep-opts-d3d12d20281a0ee5.yaml
diff --git a/manifests/privsep.pp b/manifests/privsep.pp
index 1cc5760..18f4883 100644
--- a/manifests/privsep.pp
+++ b/manifests/privsep.pp
@@ -15,7 +15,8 @@
 # (Required) Configuration file to manage. (string value)
 #
 # [*config_group*]
-# (Optional) Name of the section in which the parameters are set. (string value)
+# (Optional) Name of the section in which the parameters are set.
+# (string value)
 # Defaults to "privsep_${entrypoint}"
 #
 # [*user*]
@@ -27,14 +28,25 @@
 # Defaults to $::os_service_default.
 #
 # [*capabilities*]
-# (Optional) List of Linux capabilities retained by the privsep daemon. (list value)
+# (Optional) List of Linux capabilities retained by the privsep daemon.
+# (list value)
+# Defaults to $::os_service_default.
+#
+# [*thread_pool_size*]
+# (Optional) The number of threads available for privsep to concurrently
+# run processes.
 # Defaults to $::os_service_default.
 #
 # [*helper_command*]
-# (Optional) Command to invoke to start the privsep daemon if not using the "fork" method.
-# If not specified, a default is generated using "sudo privsep-helper" and arguments designed to
-# recreate the current configuration. This command must accept suitable --privsep_context
-# and --privsep_sock_path arguments.
+# (Optional) Command to invoke to start the privsep daemon if not using
+# the "fork" method. If not specified, a default is generated using
+# "sudo privsep-helper" and arguments designed to recreate the current
+# configuration. This command must accept suitable --privsep_context and
+# --privsep_sock_path arguments.
+# Defaults to $::os_service_default.
+#
+# [*logger_name*]
+# (Optional) Logger name to use for this privsep context.
 # Defaults to $::os_service_default.
 #
 # == Examples
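Review bot: The two new entries in the manifests/privsep.pp header, `[*thread_pool_size*]` and `[*logger_name*]`, drop the value-type marker that the neighbouring entries carry (`(string value)` on `config_group`, `(list value)` on `capabilities`), so the docs no longer say what shape of value each parameter expects. I would close the two descriptions with `# (integer value)` and `# (string value)` respectively. For `logger_name` one more sentence would help operators: the privsep daemon's records are presumably emitted under this name, so log filters or alerts keyed on the library's default logger need updating when it is overridden; that consequence is inferred from the option description, not shown here. The comment header starts and ends outside the hunk.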
@@ -45,19 +57,23 @@
 #
 define oslo::privsep (
 $config,
- $entrypoint = $name,
- $config_group = "privsep_${entrypoint}",
- $user = $::os_service_default,
- $group = $::os_service_default,
- $capabilities = $::os_service_default,
- $helper_command = $::os_service_default,
+ $entrypoint = $name,
+ $config_group = "privsep_${entrypoint}",
+ $user = $::os_service_default,
+ $group = $::os_service_default,
+ $capabilities = $::os_service_default,
+ $thread_pool_size = $::os_service_default,
+ $helper_command = $::os_service_default,
+ $logger_name = $::os_service_default,
 ) {
 $privsep_options = {
- "${config_group}/user" => { value => $user },
- "${config_group}/group" => { value => $group },
- "${config_group}/capabilities" => { value => $capabilities },
- "${config_group}/helper_command" => { value => $helper_command },
+ "${config_group}/user" => { value => $user },
+ "${config_group}/group" => { value => $group },
+ "${config_group}/capabilities" => { value => $capabilities },
+ "${config_group}/thread_pool_size" => { value => $thread_pool_size },
+ "${config_group}/helper_command" => { value => $helper_command },
+ "${config_group}/logger_name" => { value => $logger_name },
 }
 create_resources($config, $privsep_options)
diff --git a/releasenotes/notes/privsep-opts-d3d12d20281a0ee5.yaml b/releasenotes/notes/privsep-opts-d3d12d20281a0ee5.yaml
new file mode 100644
index 0000000..71614f7
--- /dev/null
+++ b/releasenotes/notes/privsep-opts-d3d12d20281a0ee5.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ The ``oslo::privsep`` defined resource type now supports
+ the ``thread_pool_size`` parameter and the ``logger_name`` parameter.
diff --git a/spec/defines/oslo_privsep_spec.rb b/spec/defines/oslo_privsep_spec.rb
index 9bf6ab9..bb73718 100644
--- a/spec/defines/oslo_privsep_spec.rb
+++ b/spec/defines/oslo_privsep_spec.rb
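Review bot: In manifests/privsep.pp, `$thread_pool_size` is declared untyped in the `oslo::privsep` parameter list and written to `"${config_group}/thread_pool_size"` exactly as given, so a value such as `0` or `-1` compiles cleanly and would be rejected, if at all, only when the service parses its configuration. Because this section configures the privileged helper, failing at catalog compile time is preferable: `Variant[Integer[1], String] $thread_pool_size = $::os_service_default,` bounds integer values while keeping the service-default sentinel admissible (the lower bound of 1 is my reading of oslo.privsep and should be confirmed). The other parameters of this define are untyped as well, so this could equally be a follow-up that types them together. The define's closing brace is outside the hunk.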
@@ -15,17 +15,21 @@ describe 'oslo::privsep' do
 is_expected.to contain_keystone_config('privsep_osbrick/user').with_value('')
 is_expected.to contain_keystone_config('privsep_osbrick/group').with_value('')
 is_expected.to contain_keystone_config('privsep_osbrick/capabilities').with_value('')
+ is_expected.to contain_keystone_config('privsep_osbrick/thread_pool_size').with_value('')
 is_expected.to contain_keystone_config('privsep_osbrick/helper_command').with_value('')
+ is_expected.to contain_keystone_config('privsep_osbrick/logger_name').with_value('')
 end
 end
 context 'with overridden parameters' do
 before do
 params.merge!({
- :user => 'keystone',
- :group => 'keystone',
- :capabilities => [],
- :helper_command => 'sudo nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --config-file /etc/nova/nova.conf',
+ :user => 'keystone',
+ :group => 'keystone',
+ :capabilities => [],
+ :thread_pool_size => 1,
+ :helper_command => 'sudo nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --config-file /etc/nova/nova.conf',
+ :logger_name => 'oslo_privsep.daemon',
 })
 end
@@ -33,7 +37,9 @@ describe 'oslo::privsep' do
 is_expected.to contain_keystone_config('privsep_osbrick/user').with_value('keystone')
 is_expected.to contain_keystone_config('privsep_osbrick/group').with_value('keystone')
 is_expected.to contain_keystone_config('privsep_osbrick/capabilities').with_value([])
+ is_expected.to contain_keystone_config('privsep_osbrick/thread_pool_size').with_value(1)
 is_expected.to contain_keystone_config('privsep_osbrick/helper_command').with_value('sudo nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --config-file /etc/nova/nova.conf')
+ is_expected.to contain_keystone_config('privsep_osbrick/logger_name').with_value('oslo_privsep.daemon')
 end
 end